Graph Trends
Use RRDtool to easily generate graphs for just about anything.
You may be familiar with graphing bandwidth usage with tools such as MRTG. From a security standpoint it’s useful to graph bandwidth usage, since it can help you spot anomalous behavior. Having a history of typical bandwidth usage gives you a baseline to judge what’s going on. This can make it easier to determine if somebody is performing a DoS attack on your site, or if a machine on your network is acting as a Warez depot.
RRDtool (http://people.ee.ethz.ch/~oetiker/webtools/rrdtool/) provides similar functionality to MRTG, but it is much more flexible. RRDtool is basically a tool for storing data in a general-purpose database that will never grow in size. RRD stands for round-robin database, which is a special type of database that maintains a fixed number of entries—the oldest entry is constantly being replaced by the newest data. RRDtool also has the ability to generate graphs of the data contained in a round-robin database.
The most common use of RRDtool is to make pretty bandwidth graphs. This is easily done with RRDtool and snmpget, a utility that queries devices managed with SNMP.
First, you’ll need to create a round-robin database by running a command similar to this one:
$ rrdtool create zul.rrd --start N \
DS:de0_in:COUNTER:600:U:U \
DS:de0_out:COUNTER:600:U:U \
RRA:AVERAGE:0.5:1:600 \
RRA:AVERAGE:0.5:6:700 \
RRA:AVERAGE:0.5:24:775 \
RRA:AVERAGE:0.5:288:797 \
RRA:MAX:0.5:1:600 \
RRA:MAX:0.5:6:700 ...
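An added example, not from the original text or from RRDtool itself: a small Python model of three of the RRA lines above, showing that each archive keeps a fixed number of rows and that a single-sample traffic burst is flattened in the 6-step AVERAGE archive but preserved in the MAX archive. The class and function names and the traffic values are constructed for illustration; the 300-second step is rrdtool's default when --step is not given, and the 0.5 unknown-data field is not modeled.

```python
from collections import deque

STEP = 300  # seconds; rrdtool's default step, since the command gives no --step

class Archive:
    """Hypothetical model of one RRA: a fixed-size ring of consolidated rows."""
    def __init__(self, spec):
        # "RRA:AVERAGE:0.5:6:700" -> cf, xff (ignored here), steps per row, rows
        _, self.cf, _xff, steps, rows = spec.split(":")
        self.steps, self.rows = int(steps), int(rows)
        self.ring = deque(maxlen=self.rows)  # appending to a full ring drops the oldest
        self.pending = []

    def update(self, rate):
        """Feed one primary data point (a rate already derived from the counter)."""
        self.pending.append(rate)
        if len(self.pending) == self.steps:
            if self.cf == "MAX":
                self.ring.append(max(self.pending))
            else:  # AVERAGE
                self.ring.append(sum(self.pending) / len(self.pending))
            self.pending = []

    def retention_hours(self):
        """How far back this archive reaches once it is full."""
        return self.steps * self.rows * STEP / 3600

def simulate(specs, rates):
    archives = {spec: Archive(spec) for spec in specs}
    for rate in rates:
        for archive in archives.values():
            archive.update(rate)
    return archives

def demo():
    # Constructed traffic: 4800 samples at 1000 bytes/s with one 50000 bytes/s burst.
    rates = [1000.0] * 4800
    rates[4500] = 50000.0
    specs = ["RRA:AVERAGE:0.5:1:600", "RRA:AVERAGE:0.5:6:700", "RRA:MAX:0.5:6:700"]
    return simulate(specs, rates)

if __name__ == "__main__":
    for spec, a in demo().items():
        print(f"{spec}: rows={len(a.ring)} keeps={a.retention_hours():.0f}h peak={max(a.ring):.0f}")
```

When comparing current traffic against a baseline older than the 1-step archive's window, read peaks from the MAX archives, since the averaged rows understate short bursts.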